This must be the
WTF of the year! Please only look at it when you are mentally prepared. And don't say I didn't warn you:
Plain SQL-Code in a browser cookie, executed with DB sysadmin privileges once a certain webpage is visited again. An invitation for SQL-Injection to everyone who happens to know how to type "drop database".
